I alluded to computer problems last week a couple of times, I believe, here and at the other blog. Yesterday I had the final resolution, and I’m going to journal what happened here, in hopes that I can assist someone else with a similar computer problem. My primary computer for the last year has been an Acer E5-571 UQ laptop, which was bought new, and in that year, the only problem had been the internal wifi failing (which I didn’t bother returning under warranty, just put a dongle on it).
A year and two weeks after purchase, or midweek last week, I noticed some problems with programs hanging or crashing. I checked and to my surprise, the running processes were using nearly all the disk memory. I started to try and figure out what was hogging the memory, and as I did so, decided to go ahead and do a backup of files to my external drive. I did not create a system recovery file, however.
I was under the vague impression that my photography had filled up the majority of the terabyte drive on this computer, and was chatting with a friend about adding an external drive to store the photos, like I did with my Mac a few years back. Awkward on a laptop that I do still take to school regularly. She suggested that I run Malwarebytes on it, to see if I’d picked up something. I’d been running Avast scans every couple of weeks, but I know that just one program will often miss bugs.
I started Malwarebytes working, and kept looking at running processes to figure out what was happening. Something I have learned and it applies to more than computers: If you know what is wrong, you are well on the way to fixing it. Malwarebytes let me know that it was finished, and it had found 303 suspicious files and would I like to restart? Surprised at the number, I restarted.
That’s when things went wrong. The computer didn’t restart. Instead, it told me that it was running Automatic Repair, but that wasn’t successful. For the first time, I found myself staring at the Blue Screen of Death (BSOD).
I fired up my old Mac, crossed my fingers it wouldn’t overheat too quickly, and once back on chat, my friend walked me through trying to refresh the system. Nothing worked, and I was reluctant to dump the files and reboot to factory build, because I wasn’t sure my files had actually backed up: the computer was already having problems then. My friend told me that she was afraid it was the hard drive. I remembered that a classmate had told me my school’s computer lab would help fix personal computers, too.
I took the laptop to the guy in the computer lab, who told me he wouldn’t be able to help much, but that he, too, thought it was either the motherboard or the hard drive. I carried the laptop home and looked up prices on replacing those things. But before I impulsively purchased, I called the extended warranty people. I’d bought it, might as well find out if I could use it. They gave me two options: send it to them, or take it to the Geek Squad at Best Buy, which would likely be faster. They would pay the invoice.
I took it to the Geek Squad the following day. There, I met a very nice man who shared some of my interests in reading – he was quite taken with the stickers on my laptop – and he cautioned me that my extended warranty might not cover software, and he was fairly sure that what I had was not a failed hard drive or motherboard, but a nasty virus. They can get mad, he pointed out jokingly, and if they can’t have your computer, no-one can. He told me that I should check before paying for services that might not be covered.
I came home, and for the second time, I went to talk to a group of my online friends who are geekier than I. I laid out my problems, and they delivered. Boy, did they deliver. I’ve rambled on for too long, so I’ll just say now that I have my laptop fully functional, and all my files intact. With no out-of-pocket cost. Below is a list in order of what had to be done to repair the issue. Once Agent Holt gave me the end of the knot, as it were, and friends told me where to find the tools, unraveling the problem was simply time-consuming.
What you will need:
- Your computer
- A second internet-connected computer
- Two USB drives of at least 2Gb in size
- Your backup drive (if you have one)
- First, download Ubuntu onto a clean USB drive that you can toss if you aren’t sure it got contaminated in this process. Instructions can be found here.
- Boot the crippled computer from the USB drive and create a partition for Ubuntu. Once it is fully operational, you will be able to see your files and do a backup if you didn’t already have one.
- You will need to install WINE from the Ubuntu store.
- Then install rkill and Malwarebytes. These need to be opened with WINE; if you simply double-click them, they will not run.
- Use rkill first. It shuts down any potential malware that can prevent a malware busting program from running properly.
- Then you will run Malwarebytes. In my case, it found a trojan and a backdoor bot, which were eliminated.
- It is possible that at this point you will be able to reboot and regain functionality in the Windows side of your drive. I was not able to do so.
- Returning to the BSOD, I chose the reset, delete files option. Several minutes later, my computer rebooted and was back to working normally.
- I was able to run file recovery from my backup drive and restore all my files. It was a pain to have to reinstall major programs like Wolfram and MS Office, but at least I had everything working.
Although this breaks down and looks short, there are some time-consuming steps in here, and it took me the better part of 24 hours (with sleep in there) to complete it. Hope this helps someone somewhere.
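The step the post is least sure about is the backup ("I wasn’t sure my files had actually backed up"), and it is the one step you cannot redo once you pick "reset, delete files". As an added example, not code from the original post and not part of Ubuntu, rkill or Malwarebytes, here is a small POSIX shell script for doing that backup from the Ubuntu live session and then proving the copy is complete by comparing sha256 manifests of the source and the backup. The mount command, the device name /dev/sdXN, and the paths /mnt/windows, SRC and DST are placeholders I assumed, not values from the page; the Windows partition is mounted read-only so nothing on the infected disk is executed or changed while you copy.

```shell
#!/bin/sh
# Added example for the "do a backup" step: copy the user's files off the
# Windows partition from the Ubuntu live session, then PROVE the copy is
# complete before choosing "reset, delete files". Not from the original post.
#
# Assumed (placeholder) layout, not on the page:
#   sudo mkdir -p /mnt/windows
#   sudo mount -o ro /dev/sdXN /mnt/windows     # /dev/sdXN = the Windows NTFS partition
#   SRC=/mnt/windows/Users/<you>               # read-only: nothing on the infected disk runs or changes
#   DST=/media/<you>/BACKUP/laptop-$(date +%F) # the external backup drive
set -u

# Print a sorted sha256 manifest of every regular file under $1, paths relative
# to $1, so manifests of two identical trees compare byte-for-byte.
manifest() {
    ( cd "$1" && find . -type f -print | LC_ALL=C sort |
      while IFS= read -r f; do sha256sum "$f"; done )
}

# Copy the contents of $1 into $2 (created if missing). -a keeps timestamps and
# permissions; the trailing "/." copies contents instead of nesting the folder.
backup_tree() {
    mkdir -p "$2" && cp -a "$1/." "$2/"
}

# Succeed only if every file under $1 exists under $2 with identical content.
# On mismatch, print the differing manifest lines (< source, > backup) and fail.
verify_backup() {
    [ -d "$1" ] && [ -d "$2" ] || { echo "verify_backup: missing directory" >&2; return 1; }
    src_list=$(mktemp) && dst_list=$(mktemp) || return 1
    manifest "$1" > "$src_list"
    manifest "$2" > "$dst_list"
    if cmp -s "$src_list" "$dst_list"; then
        echo "backup verified: $(wc -l < "$src_list" | tr -d ' ') files match"
        rm -f "$src_list" "$dst_list"
        return 0
    fi
    echo "backup MISMATCH between $1 and $2 (< source, > backup):" >&2
    diff "$src_list" "$dst_list" >&2
    rm -f "$src_list" "$dst_list"
    return 1
}

# Self-check on a constructed tree (no real disks touched): back up, verify,
# then corrupt one copy and confirm the verification catches it. Returns 0 if
# both behave as expected.
demo_on_constructed_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/src/Pictures" "$t/src/Documents"
    printf 'constructed photo bytes\n' > "$t/src/Pictures/IMG_0001.jpg"
    printf 'constructed essay text\n'  > "$t/src/Documents/essay.docx"
    backup_tree "$t/src" "$t/dst"    || return 1
    verify_backup "$t/src" "$t/dst"  || return 1
    printf 'silently damaged copy\n' > "$t/dst/Documents/essay.docx"
    if verify_backup "$t/src" "$t/dst" 2>/dev/null; then
        echo "tamper detection failed" >&2
        return 1
    fi
    rm -rf "$t"
    return 0
}

# Real use from the live session (paths are the placeholders above):
#   backup_tree "$SRC" "$DST" && verify_backup "$SRC" "$DST"
# Run this file directly with --demo to exercise the self-check instead.
if [ "${1:-}" = "--demo" ]; then
    demo_on_constructed_tree && echo "demo OK"
fi
```

Point SRC at your documents and photos rather than at Program Files: the post reinstalls Office and Wolfram from scratch afterwards, and that is the safer order, since a backdoor can ride back onto the clean system inside a copied executable while a verified copy of your data cannot run anything.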
Comments
8 responses to “Diagnosis and Repair”
Any idea where the trojan and backdoor bot came from?
No, unfortunately. I know I picked up a piece of malware from a Dropbox download, but when I researched Pokki it seems to be more spyware than something this bad. I try to be careful about downloads, but when I’m doing research for school I have come across sites where you click on a link and a download automatically starts – annoying, and probably where this came from. Amanda told me that it’s likely it had been on my computer for a while but the Avast scan wasn’t catching it. Which is why I was told to run rkill first, then scan.
We CANNOT be connected this way.
The (writing drive, of course) went out on Friday evening. All day Saturday formatting and restoring the backup.
Unless we picked up the digital Boojum from the same source? Although we suspect mine had been in the drive for a while.
Got everything back ok?
Sigh, no – I have a 12 hour backup cycle, and the early AM one had run, but the evening one had not. A productive day, too, of course. I keep logs of what I accomplished in a day, though, and it was close enough that the ideas and wording hadn’t completely vanished.
So I reconstructed writing over Sunday, finished up the last bit early Monday morning (and one part of it I think I did better). Three days of “no really new stuff.” Taught me again, for a while, to use the app I wrote years ago for “instant backup.” (Some day I will have the funds to set up a Pournelle household – without the bleeding edge aspects of it.)
Mine wasn’t illness, anyway – just old age.
You confirm yet again my decision to stick with Apple.
I know the hardware is kind of pricey, but all those automatic downloads you describe go to my designated dump folder where they sit not knowing what to do until I delete them.
I did just finally break down and order a 3Tb external to handle automatic backups.
To respond to the FB comment above (no, I don’t do Facebook…), yes — I keep a ready install of Ubuntu on a thumb drive all the time along with a few other diagnostic tools. Update it every 6 months or so and you’re ready to go!
Sounds like a good idea, after this!
And I know everyone doesn’t do FB, which is why I have both comment sections enabled. If there’s a better way, I haven’t figured it out yet.